TRACK REMOTE ACCESS WITH RRAS LOGGING

Tracking server usage is critical to managing security, and tracking remote access is particularly important. If your organization uses Windows 2000 Server's Routing and Remote Access Service (RRAS) to provide remote access capability, you should take a hard look at the types of logging you have at your disposal.

RRAS offers two logging methods: Windows Accounting and RADIUS Accounting. If you enable Windows Accounting, the system stores the log on the RRAS server. To configure the log file, open the RRAS console, click the Remote Access Logging branch, and double-click the Local File item in the right pane.

You can configure log options in the resulting dialog box. Use the Settings tab to specify which items the system should log. At a minimum, you should choose the Accounting Requests and Authentication Requests options.

Use the Local File tab to specify the location of the log file and the time period to keep a log before starting a new one. If you want to be able to integrate the log into a database, choose the Database Compatible File Format option. If you want your data to be compatible with Internet Authentication Service (IAS), choose the IAS Format option.

As with any logging activity, make sure to monitor the logs, and archive old logs to a safe location. Logs are useless if you never review them, and maintaining logs for a reasonable period of time will help you follow up on ongoing security problems and track problem patterns.
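
One way to act on the advice to review the logs, as an added example that is not part of the original tip: a Python script that reads records in the Database Compatible File Format and reports users with repeated rejected authentication attempts. The leading field order (computer name, service name, date, time, packet type, user name), the sample records and the threshold of three rejects are assumptions; check the layout against a record from your own server.

```python
import csv
from collections import Counter
from io import StringIO

# RADIUS packet codes (RFC 2865/2866) as they appear in the Packet-Type field.
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 4: "Accounting-Request"}

# Assumed order of the leading fields; confirm against your own log file.
LEADING_FIELDS = ("computer", "service", "date", "time", "packet_type", "user")

# Constructed sample records (trailing fields omitted; last line is truncated).
SAMPLE_LOG = r'''
"RAS01","RAS",03/14/2002,08:01:12,1,"CORP\alice"
"RAS01","RAS",03/14/2002,08:01:12,2,"CORP\alice"
"RAS01","RAS",03/14/2002,08:05:40,1,"CORP\bob"
"RAS01","RAS",03/14/2002,08:05:40,3,"CORP\bob"
"RAS01","RAS",03/14/2002,08:05:55,1,"CORP\bob"
"RAS01","RAS",03/14/2002,08:05:55,3,"CORP\bob"
"RAS01","RAS",03/14/2002,08:06:10,1,"CORP\BOB"
"RAS01","RAS",03/14/2002,08:06:10,3,"CORP\BOB"
"RAS01","RAS",03/14/2002,08:07:00,4,"CORP\alice"
"RAS01","RAS",03/14/2002
'''

def parse_records(text):
    """Yield one dict per well-formed record; skip blank or truncated rows."""
    for row in csv.reader(StringIO(text)):
        if len(row) < len(LEADING_FIELDS) or not row[4].strip().isdigit():
            continue
        rec = dict(zip(LEADING_FIELDS, (field.strip() for field in row)))
        rec["packet_type"] = int(rec["packet_type"])
        yield rec

def summarize(text, reject_threshold=3):
    """Count records per packet type and flag users with repeated rejects."""
    types, rejects = Counter(), Counter()
    for rec in parse_records(text):
        types[PACKET_TYPES.get(rec["packet_type"], "Other")] += 1
        if rec["packet_type"] == 3:
            rejects[rec["user"].lower()] += 1  # account names are case-insensitive
    flagged = {u: n for u, n in rejects.items() if n >= reject_threshold}
    return dict(types), flagged

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    print("Records by type:", counts)
    print("Users at or above reject threshold:", flagged)
```

Run it against each log file before archiving it, so that repeated rejects are noticed while the period they cover is still recent.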